Preamble

In their professional activities, computer scientists interact with manifold aspects of life in our society and the laws and standards governing it. To take into account the special nature and diversity of these is both their duty and their express wish. Accordingly, these guidelines are not formulated merely as ethical demands; they are, at the same time, the expression of this group's common will to view such interaction as an integral part of their professional activities at both an individual and institutional level. The choice of the term 'guidelines' underscores the open nature of these demands.

The aim of the Gesellschaft für Informatik (GI) in issuing these guidelines is to set in motion a process of reflection on and response to conflicts relating to professional ethics. It is the GI's specific concern to support those of its members who, by acting responsibly, have drawn public attention or criticism. Above all, the GI wishes to initiate a public discourse on ethical questions in computer science and contribute to this discourse in an advisory and instructive capacity.

It is an important task in our computerized world to address, in an interdisciplinary manner, the issue of the options for action open to us and the likely consequences ensuing from them. But this is something that we, as individuals, are normally unable to accomplish. That is why the GI considers it imperative to focus on the connections between individual and collective responsibility and to develop ways of making such connections explicit. To this extent, the GI engages to observe the following guidelines.

I Members

Art.1 Specialist Competence
Members are expected to constantly improve their own specialist competence in step with scientific and technological development.

Art. 2 Application Competence
Members are expected, above and beyond their specialist competence, to familiarize themselves with those computer applications impinging on their own professional sphere such that they are able to understand the relationship existing between them. This presumes a willingness to understand and give consideration to the concerns and interests of the various persons and groups affected.

Art. 3 Legal Competence
Members are expected to be conversant with the relevant legal provisions, to observe them and contribute to their continuing revision and amendment.

Art. 4 Communicative Competence and Discernment
Members are expected to develop their own capacity for communication and discernment so as to enable them to participate, as computer professionals, in design activities and interdisciplinary discussions in pursuance of a collective code of ethics.

II Members in Senior Positions

Art. 5 Working Conditions
Members in senior positions are additionally expected to ensure that the working conditions of computer professionals are such as to enable them to subject their own work to critical scrutiny by reference to the current state of the art.

Art. 6 Participation
Members in senior positions are additionally expected to help ensure that the persons and groups affected by the introduction of computer systems are given ample opportunity to participate in the design of such systems and in the shaping of the conditions in which they are used. In particular, they are expected to ensure that no monitoring or surveillance systems are installed without prior consultation of those affected.

Art. 7 Organizational Structures
Members in senior positions are additionally expected to actively foster organizational structures and communicative processes enabling individuals to assume responsibility in terms of a collective code of ethics.

III Members Engaged in Teaching and Research

Art. 8 Members engaged in teaching computer science are additionally expected both to prepare their students to assume responsibility individually and collectively, and to set a good example by their own personal behaviour and action.

IV The Gesellschaft für Informatik

Art. 9 Standing Up For One's Convictions
The GI encourages its members to stand up for their convictions in situations where their duty towards their employer or a client conflicts with their responsibility towards the persons or groups affected.

Art. 10 Mediation
The GI will assume the role of mediator in cases of conflict, if so requested by the persons or groups involved.

Art. 11 Interdisciplinary Discourses
The GI will provide for and promote interdisciplinary discourses on ethical problems relating to computer science; the question of which topics are to be addressed will also be decided in the context of such discourses. Suggestions may be put forward by individual members or groups of the GI. The results of such discourses will be made public.

Art. 12 Casebook
The GI will compile a generally accessible casebook on ethical conflicts, which will be annotated and regularly updated.

Art. 13 Board of Governors
These ethical guidelines will support the Board of Governors in its duties and decision-making in accordance with § 8 of the GI's Statutes.

Art. 14 Revisions and Amendments
These ethical guidelines will be regularly revised and amended.

Explanatory Notes

Person Affected
The data protection laws define this term as the natural person about whom data give information. It covers both persons in their capacity as members of organizations (employees, users) and non-members of organizations acting in a private capacity (citizens, clients). It is recommended that this commonly accepted term be adopted for all contexts in which computer systems are used. The distinction between "user" (member of an organization) and "usee" (non-member of an organization) commonly made in the English-speaking community has not yet gained acceptance in Germany.

Discourse
Discourses are processes of common reflection on problems involving norms or ethical values which are too complex to be resolved by individuals or a single specialist discipline. Their most important function is to initiate a process of interdisciplinary communication with a view to overcoming the existing boundaries of our knowledge and understanding; and to question existing prejudices (which are then either borne out or modified in the light of other opinions) so as to enable agreement to be reached. The mere problem of overcoming language barriers is proving to be a long and complicated matter, and it is therefore advisable to schedule the duration of such discourses for a medium-term period.

Casebook
Casebook is taken to mean a record of actual cases in which persons (chiefly computer scientists) acting in a professional capacity have run into ethical conflicts as a result of the duties or tasks entrusted to them. The GI Working Group on "Computers and Responsibility" undertakes to compile and annotate such cases. The casebook is intended to provide a concrete background for these guidelines and to help convey their importance and utility by furnishing practical examples of their potential application. Individuals in similar situations can consult these examples and derive from them guidelines for their own behaviour and action.

Computer System
Computer system is taken to mean the aggregate of hardware, software and network components, including all design and training processes implied or entailed by it with respect to work and organization.

Collective Ethics
Ethics are concerned with the deliberate action of human beings who reflect on the consequences of this action for other human beings, their fellow creatures and the environment in previously unexperienced situations not yet governed by moral and legal norms. This may involve reflection on the consequences of action in a direct and immediate context, or on its long-term or broad repercussions. Reflections of the individual on such consequences of action belong to the realm of individual ethics.

The consequences of collective action (in organizations, groups, economic communities and cultures) are, however, frequently too complex to be properly understood by the individual. Collective action must, then, also be subjected to collective reflection. Collective ethics are based on the option of reflecting jointly and circumspectly on the consequences of future collective action that is unable to draw on past experience or on any norms thus derived. There is a specific need for such reflection in cases where individual ethics or morals are at variance with collective ethics.

Monitoring and Surveillance Systems
Following the Betriebsverfassungsgesetz (German Labour Management Act), monitoring and surveillance systems are defined as "technical facilities" objectively amenable to utilization "for monitoring the behaviour or performance of workers and employees" (§ 87 Par. 1 No. 6 BetrVG). Co-determination rights may be exercised by the bodies representing workers' interests in cases where it is intended to install such systems.

Mediation
Mediation is taken to mean the negotiation processes by means of which conflicts of interest between two or more parties are settled by consulting a neutral third party (mediator). The objective here is to arrive at solutions that are acceptable to all sides. The mediation process is characterized by exploration of existing scope for action and the search for new solutions. The results of this process are not legally binding; generally speaking, the most successful solutions are those where all sides are felt to have 'won'.

Legal Provisions
Today, legislation contains numerous provisions pertaining to or impinging on the design of computer systems. The most important of these are:

General and application-specific data protection, including worker and employee data protection

Laws governing the protection of industrial property, in particular copyright and patent laws

General civil and strict product liability

IT security laws

Laws pertaining to telecommunications

In many, though by no means all, cases the observance of technical norms and standards (DIN, EN, ISO) implies compliance with existing laws.

State of the Art in Science and Technology
These guidelines would be obsolete immediately upon their promulgation if they were applied to an already existing body of knowledge in computer science. The alternative to citing rigid provisions is to adopt the principle of so-called open normative standards opted for by German technical security law. The Federal Constitutional Court has expounded this principle in a number of fundamental rulings in terms of a so-called "Three-Stage Doctrine" (BVerfGE 49, 89 ff.; BVerfGE 53, 30 ff.; BVerfGE 56, 54 ff.).

1st Stage: Generally Accepted Principles and Standards in Technology
A principle or standard is considered to be generally accepted if the majority of practitioners working in a particular field are convinced of its correctness and have documented this conviction. The principle or standard must be practically proven and tested. Decisive here is the representative opinion of the body of practitioners as a whole; divergent views of minority groups are of no significance. General acceptance is strongly implied, for example, by the existence of DIN or ISO norms for the problem in hand.

2nd Stage: State of the Art in Technology
The criteria for deciding what measures are required are shifted to the forefront of technological development, where general acceptance and practical testing alone are insufficient. When this formula is applied, differences of opinion between technical practitioners must be explicitly identified. Most data protection laws contain a reference to the "State of the Art in Technology (and Organization)" in their data security provisions.

3rd Stage: State of the Art in Science and Technology
Reference to this formula involves an even greater commitment to ensuring that a standard keeps abreast of developments in science and technology. The required measures are based on what is considered necessary in accordance with the latest scientific findings; they are not limited by what is currently technically feasible in the respective field. A reference to the "State of the Art in Science and Technology" is contained, for example, in the Product Liability Law of 1989, which is applicable at least to standard software.

It is reasonable to apply particularly high standards as far as the specialist competence of computer scientists is concerned (3rd stage). When constructing computer systems, it ought to be generally sufficient to comply at least with the standards expected of computer scientists in the data protection laws, for example.